Device ID Reset Fraud

Fraudulent activity in which fraudsters seek to create “fake users” by clicking an ad, installing and engaging with an app, then resetting the device ID at scale

What is device ID reset fraud?

Device ID reset fraud is a cycle of fraudulent activity in which fraudsters click on ads, install an app, generate in-app engagement, and later reset the device ID before uninstalling and reinstalling the app to simulate new installs. When fraudsters reset their device IDs continuously between installs using massive install farms, they effectively generate significant numbers of “real” clicks, installs, and engagement from new device IDs, bypassing real-time, anti-fraud protection measures.

Device ID reset fraud likely originates from Apple’s move from the Unique Device Identifier (UDID) to the Identifier for Advertisers (IDFA). The main goal of the new IDFA, in iOS version 6, was to give user’s complete control over their in-app activity. Instead of giving advertisers unrestricted access to track and analyze in-app behavior, the IDFA allows users to either limit ad tracking for their device ID or reset it entirely – meaning total privacy without restriction. Eventually, Google also made similar capabilities available with their GAID.

However, the freedom of the IDFA also brought with it a new wave of fraudsters who capitalized on the opportunity to reset their device IDs at scale, and device ID reset fraud became prevalent. Following in the typical cat-and-mouse dynamics of fraud, after Q4 2017, device ID reset fraud rates dropped as anti-fraud solutions with massive scale of data and continuous machine learning developed effective mechanisms against it. Some adaptations from fraudsters and we can see those numbers rise in their share of the pie, although nowhere near the levels they used to be in.

Device ID Reset Fraud Flow

Why is knowing about device ID reset fraud important?

Device ID reset fraud is a particularly sneaky type of fraud because it is seemingly legitimate app install activity. The cyclical actions, perpetrated by phone farms, are repeated at scale through Device ID reset marathons, or by hiding behind the “Limit Ad Tracking” setting (on iOS devices). While the app install and engagement activity appears to be real, none of it has any actual value to advertisers or the apps’ growth. On the contrary, it is highly detrimental.

In Q3 2018, an AppsFlyer study found that:

Device ID reset fraud still accounts for about 26% of all mobile install fraud attacks

Advertisers are losing around $900 million – $1 billion annually

Device ID reset fraud occurs everywhere – in all countries or regions, on both iOS and Android, and across nearly all verticals – meaning no app is safe.

AppsFlyer’s Protect360 with DeviceRank™, the largest anti-fraud database in the world, effectively fights device ID reset fraud. Devices are anonymously ranked for legitimacy from cross-publisher activity analysis and based on a multi-point profile. These ratings harness a combination of big data and machine learning to continuously update device ratings, which range from clean to fraudulent.

Device ID reset fraud is no longer as prevalent as it was only a short time ago, but the main idea to keep in mind is that fraud, along with anti-fraud protection solutions, continues to evolve, coming in waves on a regular basis.